SoylentNews is people

posted by Fnord666 on Tuesday July 07 2020, @02:57PM
from the keep-up-to-date-with-updates dept.

Millions Of Home Wi-Fi Routers Are Likely Vulnerable To Unpatched Linux Security Exploits

If you're reading this article from home, it's likely that you're connected to a consumer-grade Wi-Fi router, either wirelessly or via hard-wired Ethernet. And if that's the case, you should probably take this time to upgrade your router's firmware ASAP. That is, if an update is even available from the manufacturer.

We say this because the Fraunhofer Institute for Communication (FKIE) in Germany recently performed a test of 127 home routers to probe their resistance to security threats. Of the routers the researchers tested, 91 percent were found to be running some version of embedded Linux, which isn't surprising.

What was surprising, however, was that the researchers found that not a single router was free of security flaws. In fact, it was discovered that many of these routers were actually susceptible to hundreds of known security vulnerabilities.

Reference:
Peter Weidenbach, Johannes vom Dorp. Home Router Security Report 2020 (pdf), FKIE


  • (Score: 3, Funny) by Lagg on Tuesday July 07 2020, @04:09PM (3 children)


    DD-WRT v3.0-r36330 std (07/16/18)

    I really hate doing unnecessary flashes, but if there's a chance someone can get root on it or something like that I'd rather bite the bullet. It seems like article and paper are more talking about the shit OEM stuff that hasn't been updated since the router itself was released. Like the ones that take a year to fix a bug on the port forward setup page. I can't see any specific exploits of concern in my super-fast read through of the stuff beyond obvious problems with key strength. Seems like more general kernel auditing.

    --
    http://lagg.me [lagg.me] 🗿
  • (Score: 3, Insightful) by The Mighty Buzzard on Tuesday July 07 2020, @04:59PM (2 children)

    Probably, yes. I'm entirely too lazy to look over every kernel security fix over the past couple years and see if any of them could realistically affect something that runs no more than a router does but it's far from impossible or even unlikely.

    --
    My rights don't end where your fear begins.
    • (Score: 2) by Lagg on Tuesday July 07 2020, @06:07PM


      Good point. I should really know better about asking that question given the sheer kernel churn these days. I swear 3.0 was an ML injoke until reality caught up.

      Might as well pull the bandaid real quick. If I stop posting going into next day: Bricked it.

      --
      http://lagg.me [lagg.me] 🗿
    • (Score: 2) by jasassin on Tuesday July 07 2020, @09:42PM


      I'm entirely too lazy to look over every kernel security fix over the past couple years and see if any of them could realistically affect something that runs no more than a router does but it's far from impossible or even unlikely.

      There's probably going to be a few new vulnerabilities added the way the Linux devs shoot so much code out their ass. FWIW I'd be more concerned about the gaping WPS hole on almost every router. HINT: Disable WPS on your routers ASAP!

      With airgeddon [github.com] I was able to acquire a WiFi password, via a WPS vulnerability, in about 10 seconds. No need to crack WPA2.

      --
      jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A